package com.blr.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;

/**
 * ClassName: AuthorizationServerConfig
 * Description: 自定义 授权服务器配置
 * Date: 2022/11/17 PM 1:46:26
 * <p>
 * project: codes
 * package: com.blr.config
 * email: 1085844536@qq.com
 * version:
 *
 * @author WangGuojian
 */
//@Configuration
//@EnableAuthorizationServer // 指定当前应用为授权服务器
public class InMemoryAuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    private final PasswordEncoder passwordEncoder;
    private final UserDetailsService userDetailsService;
    private final AuthenticationManager authenticationManager;

    @Autowired
    public InMemoryAuthorizationServerConfig(PasswordEncoder passwordEncoder, UserDetailsService userDetailsService, AuthenticationManager authenticationManager) {
        this.passwordEncoder = passwordEncoder;
        this.userDetailsService = userDetailsService;
        this.authenticationManager = authenticationManager;
    }

    /**
     * 配置授权服务器可以为哪些客户端授权
     * <p>
     * id secret redirectURI 使用哪种授权模式
     *
     * @param clients 客户端
     * @throws Exception 异常
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("client")
                // 注册客户端密钥
                .secret(passwordEncoder.encode("secret"))
                .redirectUris("http://www.baidu.com")
                // 授权服务器支持的模式 仅支持授权码模式
                .authorizedGrantTypes("authorization_code", "refresh_token", "implicit", "password"
                        , "client_credentials")
                // 令牌允许获取的资源权限
                .scopes("read:user");
    }

    /**
     * 配置授权服务器使用哪个 userDetailService
     *
     * @param endpoints 端点
     * @throws Exception 异常
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        // 注入 userDetailsService
        endpoints.userDetailsService(userDetailsService);
        // 注入 authenticationManager
        endpoints.authenticationManager(authenticationManager);
    }

    // 授权码这种模式：
//    1.请求用户是否授权 /oauth/authorization
//    完整路径：http://localhost:8080/oauth/authorize?client_id=client&response_type=code&redirect_uri=http://www.baidu.com
//2.授权之后根据获取的授权码获取令牌 /oauth/token   id secret redirectUri code 授权类型 authorization_code
//    完整路径：curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=authorization_code&code=IwvCtx&redirect_uri=http://www.baidu.com' "http://client:secret@localhost:8080/oauth/token"
//    3.支持令牌刷新 /oauth/token     id secret  授权类型 : refresh_token  刷新的令牌：refresh_token
//    完整路径： curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=refresh_token&refresh_token=481cbb2e-15d2-4d5b-b3ac-cb61a04b2920&redirect_uri=http://www.baidu.com' "http://client:secret@localhost:8080/oauth/token"
}
